AWS SysOPS Admin – Associate Exam Practice Questions (Free Quiz)

A solutions architect peered two VPCs (VPC A & VPC B); A as requester and B as accepter. Both the VPCs can communicate with each other. Now, it is required that the resources in both the VPCs can connect to the internet but, anyone on the internet should not be able to reach resources that are inside the VPC. What should be done?

An organization has a VPC (10.10.0.0/16) with two private and one public (10.10.1.0/24) subnets. Private subnet 1 (ps1 – 10.10.2.0/24) and private subnet 2 (ps2 – 10.10.3.0/24). Public subnet has the main route table, and the two private subnets have their route tables. The sysops team reported a problem which stated that the EC2 instance in ps1 is unable to communicate with the RDS MySQL database that is in ps2. Select all possible reasons for this problem.

As a solutions architect, for an organization, you have setup a VPC with CIDR range 10.10.0.0/16. Created an IGW and new route table, and added a new route with IGW as target and 0.0.0.0/0 as a destination. Also, you have created two subnets, one for public and the other for private and launched a Linux instance on a public subnet with Auto-assign public IP option enabled. After all this effort, when you tried to SSH the new machine, the connection got failed. What could be the reason?

Your company wants to upload files to S3 bucket privately through VPC. In your existing VPC, you already have a subnet and route table that contains a route to the NAT gateway. To fulfil the new requirement, you created VPC Endpoint for S3 and added same route table. Unfortunately, in the S3 server logs, you found out that the requests to S3 from an EC2 instance within the subnet that you have associated with the
mentioned route table are going to the internet through the NAT gateway. What is the possible reason?

An organization has a VPC with S3 VPC Endpoint that serves some S3 buckets. You were asked to create a new S3 bucket and reuse the existing VPC Endpoint to route requests to the new bucket. You performed the task, and then you found that the requests are failing with an “Access Denied” error. Select 2 reasons for this problem.

You want to download patches on an EC2 instance which resides in a private subnet inside a custom VPC. You created a NAT gateway and added a route to the route table. However, the connection getting timed-out when you are trying to download patches on the EC2 instance. Select 2 reasons for this issue.

You have been assigned with a task to build a solution for a web application that contains a web server and an RDS instance. The existing environment has a VPC with a private subnet and public subnet which has a route to the internet through an IGW. Provide the best and cost-efficient solution.

You are asked to build a group of EC2 Linux instances in your AWS environment to handle scheduled heavy workloads and write the data into AWS RedShift. All the stakeholders need to login to these instances to develop, fix and deploy workloads only within the organization’s network. Provide a secure and cost-effective solution.

You have a Bastion-host EC2 instance on a VPC public subnet. Assuming that the route  table is setup with internet gateway, what would be the minimal configuration that is required to for SSH request to work?

As an architect, your task is to transfer the data to S3 without going to the internet to comply with the security policies. Your network is connected to VPC through VPN, and the VPC contains S3 VPC gateway endpoint to access S3 through AWS internal network. The data to be transferred is on the organization’s network. Suggest the best possible method to get the required task done.

You have a VPC in your nearest AWS region, you have created VPC endpoint for S3 and added it to the main route table. You also upgraded your EC2 instance that is inside a subnet which is associated to the main route table. When requests generated to S3 from the upgraded instance, the connection got failed. The S3 bucket is in the same region. Select all possible regions for this issue

You have created three VPCs (A, B & C) and peered these three; A to B and B to C. You created a NAT gateway in VPC B and tried to use the same NAT gateway for resources that are inside VPCs A and C. You found out that, resources within A & C cannot communicate to internet through the NAT gateway, but resources inside B are communicating. Select the possible reason.

You have launched EC2 instances in two VPCs that are peered and tried to communicate through peering connection. From the given options, select the reason for request getting timed out

A trainee architect complained that he created a VPC with CIDR range 10.10.0.0/16 and a subnet with CIDR range 10.10.1.0/24. When he went to the VPC console subnets and looked at the newly created subnet, he could only find 251 IP addresses although /24 CIDR comes with 256 addresses. He hasn’t launched any resources in the VPC. What could be the reason behind this?

You are asked to setup a VPC and a private subnet, also a VPN connection with your company to communicate with the resources within the VPC. Your organization may require DNS names for some on-premise apps to communicate with VPC. You launched a new EC2 instance with the auto-assign public as disable but when the instance got ready, you notice that Public DNS name is missing, what will you do?